Welcome to eWorks Online ("we," "us," "our"), a cloud-based Computerised Maintenance Management System (CMMS) and Computer-Aided Facility Management (CAFM) platform operated at eworksonline.com.
This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you visit our website, create an account, or use any of our services — including work order management, preventive maintenance scheduling, asset lifecycle tracking, service request portals, analytics dashboards, MRO inventory control, space and floor plan management, and document and compliance management.
By accessing or using eWorks Online, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of our services.
2. Information We Collect
2.1 Information You Provide
Account Registration: Name, email address, phone number, job title, organisation name, and industry sector.
Profile & Organisation Data: Company details, facility locations, department structures, and user role assignments configured under your tenant.
Platform Content: Work orders, maintenance schedules, asset records, service requests, floor plans, inventory data, compliance documents, photographs, and any other data you enter or upload into the platform.
Communications: Messages you send to us via contact forms (processed through Web3Forms), support tickets, or email correspondence.
Payment Information: Billing details processed through our third-party payment provider. We do not store full credit card numbers on our servers.
2.2 Information Collected Automatically
Usage Data: Pages visited, features accessed, work order activity patterns, login timestamps, and session duration.
Device & Browser Data: IP address, browser type and version, operating system, device type, screen resolution, and language preferences.
Log Data: Server logs that record requests made to our platform, including URLs, response times, and error codes.
2.3 Information from Third Parties
We may receive information from integrated third-party services such as BMS/SCADA systems, IoT sensors, or enterprise resource planning (ERP) platforms that you choose to connect with eWorks Online. The data shared depends on your integration configuration.
3. How We Use Your Information
We use the information we collect to:
Provide & Operate the Platform: Deliver core functionality including work order management, PM scheduling, asset tracking, service requests, analytics, inventory control, space management, and compliance tracking.
Multi-Tenant Isolation: Ensure your organisation's data is securely isolated from other tenants using Row-Level Security (RLS) and role-based access control (RBAC).
Improve Our Services: Analyse usage patterns and KPI data (MTBF, MTTR, SLA compliance) in aggregate to enhance platform features and performance.
Communicate With You: Send account notifications, maintenance alerts, work order assignments, PM reminders, warranty expiry notices, and platform updates.
Provide Support: Respond to enquiries, troubleshoot issues, and deliver technical assistance.
Ensure Security: Detect, prevent, and respond to fraud, unauthorised access, or other security threats.
Legal Compliance: Meet obligations under applicable laws, regulations, and industry standards including ISO 9001, ISO 14001, ISO 18001, and ISO 50001 compliance documentation requirements.
4. Data Storage & Security
We take the security of your data seriously and implement industry-standard measures to protect it:
Encryption: All data in transit is encrypted using TLS 1.2 or higher. Data at rest is encrypted using AES-256 encryption.
Access Controls: We implement RBAC with granular permissions so only authorised personnel can access specific data. JWT-based authentication with refresh token rotation secures all API endpoints.
Multi-Tenancy Isolation: Each organisation's data is logically separated at the database level using PostgreSQL Row-Level Security policies.
Infrastructure: Our platform is hosted on secure, enterprise-grade cloud infrastructure with regular security audits, vulnerability assessments, and intrusion detection systems.
Backups: Automated daily backups with geo-redundant storage ensure data durability and disaster recovery capability.
While we implement robust safeguards, no method of electronic transmission or storage is 100% secure. We encourage users to protect their login credentials and report any suspected security breaches immediately.
5. Data Sharing & Disclosure
We do not sell, rent, or trade your personal information. We may share your data only in the following circumstances:
Service Providers: Trusted third-party vendors who assist us in operating the platform, processing payments, delivering email/SMS notifications, and providing customer support — bound by strict data protection agreements.
Within Your Organisation: Data is visible to users within your tenant according to your configured RBAC and permission settings (e.g., facility managers may see work orders across multiple sites).
Legal Requirements: When required by law, regulation, legal process, or enforceable governmental request.
Business Transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred to the successor entity with equivalent privacy protections.
With Your Consent: In any other case, we will seek your explicit consent before sharing your information.
6. Cookies & Tracking Technologies
Our website and platform use cookies and similar technologies to improve your experience:
Essential Cookies: Required for authentication, session management, and security. These cannot be disabled.
Functional Cookies: Remember your preferences, dashboard layouts, and language settings.
Analytics Cookies: Help us understand how visitors use our website and platform so we can improve performance and user experience.
You can manage cookie preferences through your browser settings. Disabling certain cookies may affect platform functionality.
7. Your Rights & Choices
Depending on your jurisdiction, you may have the following rights regarding your personal data:
Access: Request a copy of the personal data we hold about you.
Rectification: Request correction of inaccurate or incomplete data.
Erasure: Request deletion of your personal data, subject to legal retention obligations.
Data Portability: Request your data in a structured, machine-readable format (CSV/Excel export).
Restriction: Request that we limit the processing of your data in certain circumstances.
Objection: Object to processing based on legitimate interests or direct marketing.
Withdraw Consent: Where processing is based on consent, you may withdraw at any time.
To exercise any of these rights, please contact us at the details provided in Section 12. We will respond to your request within 30 days.
7.1 Australian Privacy Act Compliance
If you are located in Australia, your personal information is handled in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). You may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe your privacy has been breached.
7.2 GDPR Compliance
If you are located in the European Economic Area (EEA) or the United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR), including the right to lodge a complaint with your local data protection authority.
8. International Data Transfers
eWorks Online serves customers across multiple continents. Your data may be processed in jurisdictions outside your country of residence. Where such transfers occur, we ensure appropriate safeguards are in place, including standard contractual clauses, adequacy decisions, or equivalent mechanisms recognised by applicable law.
9. Data Retention
We retain your personal information for as long as your account is active or as needed to provide our services. Specific retention periods include:
Account Data: Retained for the duration of your subscription plus 90 days after account closure to allow for reactivation.
Platform Data: Work orders, asset records, maintenance logs, and compliance documents are retained per your organisation's configured retention policies.
Usage Logs: Retained for up to 12 months for analytics and security purposes.
Communication Records: Retained for up to 24 months.
After the applicable retention period, data is securely deleted or anonymised.
10. Children's Privacy
eWorks Online is a business-to-business platform and is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you via email or a prominent notice on our platform at least 14 days before the changes take effect.
We encourage you to review this page periodically. The "Last Updated" date at the top of this page indicates when the policy was most recently revised.
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: